Story image

Spam goes mobile

05 Feb 2016

Mobile devices are becoming a new target for spam and malware attacks as the volume of spam emails begin to decrease, according to new information from Kaspersky Lab.

The latest Kaspersky Lab Security Bulletin says the volume of spam emails in 2015 decreased to 55.28% of overall email traffic – a fall of 11.48% on the previous year.

According to the company, the significant slump in spam emails can be attributed to the increasing popularity of legal advertising platforms on social networks and coupon clipping services.

Spam goes mobile

In 2015 cybercriminals continued to send out fake emails from mobile devices and notifications from mobile apps containing malware or advertising messages, Kaspersky Lab explains.

New tactics included fraudsters  spreading malware in the form of .apk (Android executive files) and .jar (ZIP archives containing a program in Java).

In addition, cybercriminals masked a mobile encryption trojan behind a file containing updates for Flash Player. After launching, the malware encrypted images, documents and video files stored on the device with users receiving a message telling them to pay a fee in order to the decrypt files.

“The increased use of mobile devices in our everyday life to exchange messages and data, as well as access and control bank accounts, has also resulted in increased exploitation opportunities for cybercriminals,” explains Daria Loseva, spam analysis expert at Kaspersky Lab says.

“Mobile malware and fraudulent spam is becoming more popular and efforts to dupe victims are becoming more sophisticated year on year, with the emergence of apps that can be used by cybercriminals both directly (for sending out spam, including malicious spam) and indirectly (via phishing emails),” she says.

“Mobile device users therefore need to be on their guard and remain vigilant, as cybercriminal activities in this area are only likely to increase, along with our reliance on devices,” says Loseva.

The Kaspersky Lab spam report also identified the following trends in 2015:

  • Over three quarters (79%) of all emails sent were less than 2kb, which shows a steady decrease in email size for spam campaigns over the past few years.
  • The US remained the biggest source of spam (15.2%), with second place taken by Russia (6.15%) and China making way for Vietnam in third spot (6.12%).
  • Financial institutions such as banks, payment systems and online shops were attacked most often with phishing emails (34.33%, a rise of 5.59%)

Hot spam topics of the year

Although the Olympic games in Brazil has yet to take place, fraudsters have already started to exploit the event, sending emails announcing false lottery wins and asking the recipient to fill in a form with their personal details.

In these attacks, emails with pdf attachments, pictures and other graphical elements were designed to fool the spam filters.

‘Nigerian’ fraud used the Ukrainian political situation, the Syrian civil war, the election in Nigeria and the earthquake in Nepal to exploit the kindness and empathy of recipients with believable email content. These emails contained content calling for material support for a person in need.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.